Loading ...
Sorry, an error occurred while loading the content.

188Re: [caplet] Re: ADsafe and the Standard Globals

Expand Messages
  • David-Sarah Hopwood
    Apr 10, 2008
    • 0 Attachment
      Douglas Crockford wrote:
      > They are creatures of the DOM.

      I can see the B-movie poster now :-)

      More seriously, all of the objects that Doug just granted access to,
      with the exception of Date, provide no authority -- they only provide
      pure deterministic functions, constant values, and the ability to
      allocate objects of those types (if you don't count that as pure).
      I had come up with exactly the same list for Jacaranda -- except
      that I had accidentially missed out encodeURIComponent.

      Date is an exception just because it grants access to what the Javascript
      implementation thinks the current date/time is, which is technically an
      authority -- but not one that is significant for ADsafe's threat model.

      David-Sarah Hopwood
    • Show all 15 messages in this topic